From 29cedb12936a673c2e04727627b4cda530b03ca2 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 20 Mar 2024 08:07:00 -0300 Subject: [PATCH] profiles: sort blacklist sections See etc/templates/profile.template. This is a follow-up to #6286. --- etc/profile-a-l/bpftop.profile | 2 +- etc/profile-a-l/cloneit.profile | 2 +- etc/profile-a-l/deadlink.profile | 2 +- etc/profile-a-l/dexios.profile | 2 +- etc/profile-a-l/editorconfiger.profile | 2 +- etc/profile-a-l/kdiff3.profile | 2 +- etc/profile-m-z/makepkg.profile | 6 +++--- etc/profile-m-z/statusof.profile | 2 +- etc/profile-m-z/textroom.profile | 2 +- etc/profile-m-z/torbrowser.profile | 2 +- etc/profile-m-z/tvnamer.profile | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile index 8c64a77c678..7670f1b4b17 100644 --- a/etc/profile-a-l/bpftop.profile +++ b/etc/profile-a-l/bpftop.profile @@ -7,8 +7,8 @@ include bpftop.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/cloneit.profile b/etc/profile-a-l/cloneit.profile index 445ef4890e9..827dd1de289 100644 --- a/etc/profile-a-l/cloneit.profile +++ b/etc/profile-a-l/cloneit.profile @@ -7,8 +7,8 @@ include cloneit.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/deadlink.profile b/etc/profile-a-l/deadlink.profile index f7535c5977d..9b378b4555c 100644 --- a/etc/profile-a-l/deadlink.profile +++ b/etc/profile-a-l/deadlink.profile @@ -6,8 +6,8 @@ include deadlink.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec noblacklist ${HOME}/.config/deadlink diff --git a/etc/profile-a-l/dexios.profile b/etc/profile-a-l/dexios.profile index 55d6c83cea5..7d549d7452c 100644 --- a/etc/profile-a-l/dexios.profile +++ b/etc/profile-a-l/dexios.profile @@ -7,8 +7,8 @@ include dexios.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/editorconfiger.profile b/etc/profile-a-l/editorconfiger.profile index a921ae2d560..8812db35f37 100644 --- a/etc/profile-a-l/editorconfiger.profile +++ b/etc/profile-a-l/editorconfiger.profile @@ -6,8 +6,8 @@ include editorconfiger.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index d9e4480f5c2..02b389dffca 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile @@ -12,8 +12,8 @@ noblacklist ${HOME}/.config/kdiff3rc # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. # By default we deny access only to .ssh and .gnupg. #include disable-common.inc -blacklist ${HOME}/.ssh blacklist ${HOME}/.gnupg +blacklist ${HOME}/.ssh include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 3bda47fad1e..a8dd3988ba9 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile @@ -20,11 +20,11 @@ blacklist ${RUNUSER}/wayland-* noblacklist ${HOME}/.gnupg read-only ${HOME}/.gnupg/trustdb.gpg read-only ${HOME}/.gnupg/pubring.kbx -blacklist ${HOME}/.gnupg/random_seed -blacklist ${HOME}/.gnupg/pubring.kbx~ -blacklist ${HOME}/.gnupg/private-keys-v1.d blacklist ${HOME}/.gnupg/crls.d blacklist ${HOME}/.gnupg/openpgp-revocs.d +blacklist ${HOME}/.gnupg/private-keys-v1.d +blacklist ${HOME}/.gnupg/pubring.kbx~ +blacklist ${HOME}/.gnupg/random_seed # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. noblacklist /var/lib/pacman diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile index 25c8df6800d..45da84e11ad 100644 --- a/etc/profile-m-z/statusof.profile +++ b/etc/profile-m-z/statusof.profile @@ -7,8 +7,8 @@ include statusof.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc diff --git a/etc/profile-m-z/textroom.profile b/etc/profile-m-z/textroom.profile index 6fdba750101..912fce6c134 100644 --- a/etc/profile-m-z/textroom.profile +++ b/etc/profile-m-z/textroom.profile @@ -6,8 +6,8 @@ include textroom.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER}/wayland-* +blacklist /usr/libexec noblacklist ${HOME}/.config/textroom diff --git a/etc/profile-m-z/torbrowser.profile b/etc/profile-m-z/torbrowser.profile index 15ca5b550d0..669394aafb7 100644 --- a/etc/profile-m-z/torbrowser.profile +++ b/etc/profile-m-z/torbrowser.profile @@ -12,8 +12,8 @@ ignore dbus-user none noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla -blacklist /usr/libexec blacklist /sys/class/net +blacklist /usr/libexec mkdir ${HOME}/.cache/mozilla/torbrowser mkdir ${HOME}/.mozilla diff --git a/etc/profile-m-z/tvnamer.profile b/etc/profile-m-z/tvnamer.profile index 24439672a4c..19c94feea94 100644 --- a/etc/profile-m-z/tvnamer.profile +++ b/etc/profile-m-z/tvnamer.profile @@ -6,8 +6,8 @@ include tvnamer.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec noblacklist ${HOME}/.config/tvnamer noblacklist ${VIDEOS}